From 3c1037e2b6a94898f81ed1a68bea146a9db750a5 Mon Sep 17 00:00:00 2001 From: Dave Penkler Date: Tue, 15 Dec 2020 16:56:18 +0100 Subject: [PATCH] USB: usbtmc: Fix reading stale status byte The ioctl USBTMC488_IOCTL_READ_STB either returns a cached status byte (STB) sent by the device due to a service request (SRQ) condition or the STB obtained from a query to the device with a READ_STATUS_BYTE control message. When the query is interrupted by an SRQ message on the interrupt pipe, the ioctl still returns the requested STB while the STB of the out-of-band SRQ message is cached for the next call of this ioctl. However the cached SRQ STB represents a state that was previous to the last returned STB. Furthermore the cached SRQ STB can be stale and not reflect the current state of the device. The fixed ioctl now always reads the STB from the device and if the associated file descriptor has the srq_asserted bit set it ors in the RQS bit to the returned STB and clears the srq_asserted bit conformant to subclass USB488 devices. Tested-by: Jian-Wei Wu Reviewed-by: Guido Kiener Signed-off-by: Dave Penkler Link: https://lore.kernel.org/r/20201215155621.9592-2-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman --- drivers/usb/class/usbtmc.c | 46 +++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index b222b777e6a4..189f06dcb7d3 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -475,33 +475,17 @@ static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data) return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write); } -static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, - void __user *arg) +static int usbtmc_get_stb(struct usbtmc_file_data *file_data, __u8 *stb) { struct usbtmc_device_data *data = file_data->data; struct device *dev = &data->intf->dev; - int srq_asserted = 0; u8 *buffer; u8 tag; - __u8 stb; int rv; dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n", data->iin_ep_present); - spin_lock_irq(&data->dev_lock); - srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); - if (srq_asserted) { - /* a STB with SRQ is already received */ - stb = file_data->srq_byte; - spin_unlock_irq(&data->dev_lock); - rv = put_user(stb, (__u8 __user *)arg); - dev_dbg(dev, "stb:0x%02x with srq received %d\n", - (unsigned int)stb, rv); - return rv; - } - spin_unlock_irq(&data->dev_lock); - buffer = kmalloc(8, GFP_KERNEL); if (!buffer) return -ENOMEM; @@ -548,13 +532,12 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, data->iin_bTag, tag); } - stb = data->bNotify2; + *stb = data->bNotify2; } else { - stb = buffer[2]; + *stb = buffer[2]; } - rv = put_user(stb, (__u8 __user *)arg); - dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)stb, rv); + dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv); exit: /* bump interrupt bTag */ @@ -567,6 +550,27 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, return rv; } +static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, + void __user *arg) +{ + int srq_asserted = 0; + __u8 stb; + int rv; + + rv = usbtmc_get_stb(file_data, &stb); + + if (rv > 0) { + srq_asserted = atomic_xchg(&file_data->srq_asserted, + srq_asserted); + if (srq_asserted) + stb |= 0x40; /* Set RQS bit */ + + rv = put_user(stb, (__u8 __user *)arg); + } + return rv; + +} + static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data, __u32 __user *arg) {